2018, Antivirus and Internet - Cyber Security Informer

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. In March 2024, threat actors behind this campaign started targeting Internet of Things (IoT) devices in the US, Australia, Canada, New Zealand, and the United Kingdom. ” reads the PIN report.

Architecture

Architecture Internet Internet Malware

A Deep Dive Into the Residential Proxy Service ‘911’

Krebs on Security

JULY 18, 2022

For the past seven years, an online service known as 911 has sold access to hundreds of thousands of Microsoft Windows computers daily, allowing customers to route their Internet traffic through PCs in virtually any country or city around the globe — but predominantly in the United States. THE INTERNET NEVER FORGETS.

VPN

VPN Computers and Electronics Antivirus Software

Who’s Behind the RevCode WebMonitor RAT?

Krebs on Security

APRIL 22, 2019

The software is broadly classified as malware by most antivirus companies, likely thanks to an advertised feature list that includes dumping the remote computer’s temporary memory; retrieving passwords from dozens of email programs; snarfing the target’s Wi-Fi credentials; and viewing the target’s Webcam.

Advertising

Advertising Antivirus Software Malware

MY TAKE: The back story on the convergence, continuing evolution of endpoint security

The Last Watchdog

AUGUST 17, 2018

No one in cybersecurity refers to “antivirus” protection any more. since the nascent days of the antivirus market, I find in fascinating that the top dozen or so antivirus players have all managed to remain in the game. In the early days, antivirus suites were threat-centric and device-centric. Looming consolidation.

Antivirus

Antivirus Digital transformation Social Engineering Technology

Breach Exposes Users of Microleaves Proxy Service

Krebs on Security

JULY 28, 2022

Launched in 2013, Microleaves is a service that allows customers to route their Internet traffic through PCs in virtually any country or city around the globe. Microleaves works by changing each customer’s Internet Protocol (IP) address every five to ten minutes. io emerged as subsidiaries of Microleaves between 2017 and 2018.

Advertising

Advertising Software Computers and Electronics Internet

Some Fortinet products used hardcoded keys and weak encryption for communications

Security Affairs

NOVEMBER 26, 2019

Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam and AntiVirus cloud services. UDP ports 53, 8888 and TCP port 80 (HTTP POST /fgdsvc).

Encryption

Encryption Antivirus Advertising DNS

A Closer Look at the Snatch Data Ransom Group

Krebs on Security

SEPTEMBER 30, 2023

The government says Snatch used a customized ransomware variant notable for rebooting Microsoft Windows devices into Safe Mode — enabling the ransomware to circumvent detection by antivirus or endpoint protection — and then encrypting files when few services are running. Details after contacting on jabber: truniger@xmpp[.]jp.”

Ransomware

Ransomware Accountability Cybercrime Backups

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

The Last Watchdog

JANUARY 28, 2019

Consider that most of us spend more time navigating the Internet on our laptops and smartphones than we do behind the wheel of a car. But the larger point is that Xbash is just one of dozens of malware families circulating far and wide across the Internet. This has become an engrained pattern in our modern digital world.

Passwords

Passwords Password Management Internet Internet

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

The Last Watchdog

JUNE 21, 2020

The above-mentioned AIDS Trojan hailing from the distant pre-Internet era was the progenitor of the trend, but its real-world impact was close to zero. RaaS rollout 2015 – 2018. The GandCrab RaaS that appeared in early 2018 was one of the last high-profile threats targeting individuals on a large scale. About the essayist.

Ransomware

Ransomware Hacking Encryption Penetration Testing

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

The Last Watchdog

APRIL 26, 2021

I’ve written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. VPNs give the individual user direct control over the unique data stream transmitting data between their laptop or smartphone and the Internet. Related: Privacy war: Apple vs. Facebook. I’ll keep watch and keep reporting.

B2C

B2C VPN Marketing Antivirus

Who’s In Your Online Shopping Cart?

Krebs on Security

NOVEMBER 4, 2018

In Internet ages past, this often meant obfuscating it as giant blobs of gibberish text that was obvious even to the untrained eye. In September, Symantec said it blocked almost a quarter of a million instances of attempted formjacking since mid-August 2018.

Antivirus

Antivirus Hacking Internet Internet

Wipro Intruders Targeted Other Major IT Firms

Krebs on Security

APRIL 18, 2019

app), one very interesting Internet address is connected to all of them — 185.159.83[.]24. In May 2018, Maritz Holdings Inc. , If one examines the subdomains tied to just one of the malicious domains mentioned in the IoCs list (internal-message[.]app), secure.wipro.com.internal-message[.]app. secure.elavon.com.internal-message[.]app.

Retail

Retail Phishing Internet Internet

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Security Affairs

JUNE 22, 2021

The Windows botnet has been active since late 2017, it was mainly used to mine cryptocurrency, but it was also involved in DDoS attacks in 2018. The module that implements the warm capabilities was spotted scanning the internet and performing password brute-force attacks against Windows systems with SMB port open online.

DNS

DNS Internet Internet Malware

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

A historic records search at Domaintools on that tosaka1027@gmail.com address says it was used to register 24 Internet domain names , including at least seven that have been conclusively tied to the spread of powerful Android mobile malware. a firm that says it is “dedicated to the development and operation of Internet mobile games.”

Mobile

Mobile Technology Manufacturing Malware

Kaspersky addressed multiple issues in online protection solutions

Security Affairs

NOVEMBER 26, 2019

Kaspersky has addressed several vulnerabilities in the web protection features implemented in its antivirus solutions, including Internet Security, Total Security, Free Anti-Virus , Security Cloud, and Small Office Security products. As in: under some circumstances, antivirus would still crash. ” continues the analysis.

Antivirus

Antivirus Advertising Password Management Passwords

Payroll Provider Gives Extortionists a Payday

Krebs on Security

FEBRUARY 23, 2019

On Christmas Eve 2018, cloud data hosting firm Dataresolution.net was hit with the Ryuk strain of ransomware. Other than different antivirus and not allowing RDP connections to the internet they don’t seem to have put any additional safeguards in place. More than a week later on Jan.

Ransomware

Ransomware Backups Encryption Internet

Microsoft’s case study: Emotet took down an entire network in just 8 days

Security Affairs

APRIL 4, 2020

Microsoft declared that an Emotet attack took down an organization’s network by overheating all the computers and bringing its Internet access down. “He’d been told the organization had an extensive system to prevent cyberattacks, but this new virus evaded all their firewalls and antivirus software. .

Antivirus

Antivirus Malware Phishing Advertising

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

The Last Watchdog

AUGUST 15, 2019

Related: ‘Cyber Pearl Harbor’ happens every day Some 15 months earlier, in March 2018, Atlanta was hit by a similar assault, and likewise refused to pay a $51,000 ransom, eating $17 million in damage. Baltimore refused to pay – choosing, instead, to absorb an estimated $18 million in recovery costs. mayors attending the U.S.

Ransomware

Ransomware Internet Internet Hacking

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Last Watchdog

MAY 1, 2019

Despite billions of dollars spent on the latest, greatest antivirus suites, firewalls and intrusion detection systems, enterprises continue to suffer breaches that can be traced back to the actions of a single, unsuspecting employee. Yet there is a single point of failure common to just about all network break-ins: humans. Talk more soon.

Social Engineering

Social Engineering Engineering Phishing Banking

The Hidden Cost of Ransomware: Wholesale Password Theft

Krebs on Security

JANUARY 6, 2020

who picked up his cell phone and said shut it off from the Internet.” When we looked at this in retrospect, during these three days the cybercriminals slowly compromised the entire network, disabling antivirus, running customized scripts, and deploying ransomware. Commercial phone, Internet and power services.

Passwords

Passwords Ransomware Password Management Malware

Mysterious custom malware used to steal 1.2TB of data from million PCs

Security Affairs

JUNE 11, 2021

million Windows systems between 2018 and 2020. The software includes illegal Adobe Photoshop 2018, a Windows cracking tool, and several cracked games.” million entries) Opera (2 million entries) Internet Explorer/Microsoft Edge (1.3 Researchers from NordLocker have discovered an unsecured database containing 1.2-terabyte

Malware

Malware Computers and Electronics Software Financial Services

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Security Affairs

JULY 25, 2019

Experts at Intezer researchers have spotted a strain of the Linux mining that also scans the Internet for Windows RDP servers vulnerable to the Bluekeep. In May, Internet scans found nearly one million systems vu lnerable to the BlueKeep flaw. ” reads a blog post published by Intezer. ” continues the analysis.

Cryptocurrency

Cryptocurrency Internet Internet Malware

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Security Affairs

AUGUST 27, 2020

Most of us already know the importance of using antivirus , anti-malware, and VPNs to secure our computers, phones, and other devices against potential attacks. To perform the experiment, we used Internet of Things (IoT) search engines to search for open devices that utilized common printer ports and protocols. Original post: [link].

Hacking

Hacking IoT Firmware Internet

Millions put at risk by old, out of date routers

Malwarebytes

MAY 7, 2021

There has been much discussion of antivirus protection, patching your software, and using VPNs. a consumer watchdog in the UK, recently released its findings about routers issued by UK Internet Service Providers (ISPs). But what if the security flaws aren’t in your phones or laptops, but the router your ISP gave you?

Risk

Risk Passwords Internet Internet

PDF zero-day samples harvest user data when opened in Chrome

Security Affairs

FEBRUARY 27, 2019

The experts initially detected the specially-crafted PDF files in December 2018. “Since late December 2018, EdgeSpot has detected multiple PDF samples in the wild which exploit a Google Chrome zero-day flaw.” ” reads the analysis published by EdgeSpot. ” states the experts. Below the timeline.

Advertising

Advertising Antivirus Internet Internet

BotenaGo botnet targets millions of IoT devices using 33 exploits

Security Affairs

NOVEMBER 11, 2021

Beta, D6220, D6400, D7000 CVE-2018-10561, CVE-2018-10562 GPON home routers CVE-2013-3307 Linksys X3000 1.0.03 CVE-2018-10088 XiongMai uc-httpd 1.0.0 BotenaGo was written in Golang (Go) and at the time of the report published by the experts, it had a low antivirus (AV) detection rate (6/62). Beta, R6400 before 1.0.1.18.Beta,

IoT

IoT Firmware Malware Wireless

Tracing the Supply Chain Attack on Android

Krebs on Security

JUNE 25, 2019

A historic records search at Domaintools on that tosaka1027@gmail.com address says it was used to register 24 Internet domain names , including at least seven that have been conclusively tied to the spread of powerful Android mobile malware. a firm that says it is “dedicated to the development and operation of Internet mobile games.”

Mobile

Mobile Technology Manufacturing Software

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

Security Affairs

APRIL 2, 2021

The threat actors are actively exploiting the following vulnerabilities in Fortinet FortiOS: CVE-2018-13379 ; CVE-2020-12812 ; CVE-2019-5591. In March 2021, government experts observed state sponsored hackers scanning the internet for servers vulnerable to the above flaws, the attackers were probing systems on ports 4443, 8443, and 10443.

Government

Government Passwords Accountability Firmware

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Security Affairs

JULY 8, 2020

Since March 2019, Fxmsp announced in cybercrime forums the availability of information stolen from major antivirus companies located in the U.S. Between 2017 and 2018, Fxmsp created a network of trusted proxy resellers to promote their breaches on the criminal underground.

Hacking

Hacking Antivirus Advertising Cybercrime

Purple Fox Rootkit Discovered In Malicious Telegram Installers

Hacker Combat

JANUARY 6, 2022

The first discovery of Purple Fox was in 2018. The malware has now moved to take advantage of vulnerable internet-based systems and SMB services that are exposed. This folder is responsible for several tasks including shutting a wide spectrum of antivirus functions. The stealthy malware can be planted while evading detection.

Malware

Malware Antivirus Software Phishing

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

The Last Watchdog

MAY 20, 2019

Malware deliveries Upon reviewing Android usage data for all of 2018, Google identified a rise in the number of “potentially harmful apps” that were preinstalled or delivered through over-the-air updates. In a nutshell: lock your device; click judiciously; use antivirus. Here are a few key developments everyone should know about.

Mobile

Mobile Spyware Banking Manufacturing

Weak Cybersecurity? Here’s Something You Can Do About It

Adam Levin

NOVEMBER 15, 2019

A 2018 study regarding VPN use worldwide is worth considering. Usage increased 185% from 2016 to 2017 and 165% from 2017 to 2018. If, for example, a user resides in a country with major Internet restrictions (think: the Great Firewall of China ), he or she may connect to a VPN outside of that country and bypass local laws.

VPN

VPN Cybersecurity Firewall Data breaches

Security Affairs newsletter Round 221 – News of the week

Security Affairs

JULY 7, 2019

Germany and the Netherlands agreded to build TEN, the first ever joint military internet. Germany and the Netherlands agreed to build TEN, the first ever joint military internet. Firefox finally addressed the Antivirus software TLS Errors. Sodin Ransomware includes exploit for Windows CVE-2018-8453 bug.

Scams

Scams Advertising Spyware DNS

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

Security Affairs

APRIL 16, 2019

The malware is also able to inject JavaScript adware in Internet Explorer, install Chrome/Opera extensions to inject JavaScript adware on these browsers as well, exfiltrate browsing history, silently display ads or muted YouTube videos to users via Chrome, and subscribe users to YouTube video channels.

Spyware

Spyware Adware Malware Accountability

What Is Malware? Understanding the Basics of Website Malware

SiteLock

AUGUST 27, 2021

Millions of websites across the internet also contain vulnerabilities that make them easy targets. In 2018 alone, we saw thousands of data breaches expose more than 446 million records. In fact, according to our research , a single website will experience nearly 60 attacks a day, and every website on the internet is a potential target.

Malware

Malware Small Business Computers and Electronics Adware

Top VC Firms in Cybersecurity of 2022

eSecurity Planet

APRIL 26, 2022

Company Sector Year Status Vicarius Vulnerability management 2022 Private Dragos ICS and OT security 2021 Private Safeguard Cyber Risk management 2021 Private CyberGRX Risk management 2019 Private Signifyd Fraud protection 2018 Private RedOwl Security analytics 2015 Acquired: Forcepoint. Accel Investments. Andreessen Horowitz (a16z).

Cybersecurity

Cybersecurity Technology Marketing Healthcare

Q&A: How cybersecurity has become a primal battleground for AI one-upsmanship

The Last Watchdog

MARCH 29, 2019

When antivirus (AV) software first arrived in the late 1980s, the science of combating computer viruses was very straightforward. Another way is to test code samples against our backend, to try to fool our antivirus classifiers. The intent is to figure out which parts of the file are being detected by us as being malicious.

Artificial Intelligence

Artificial Intelligence Cybersecurity Malware Antivirus

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

The Last Watchdog

SEPTEMBER 4, 2018

And at Black Hat USA 2018 , the company unveiled a new CyberFlood functionality that makes it possible for an enterprise to emulate a real-world attack in a live environment. Meanwhile, we also have a dedicated threat research team analyzing malware discovered by the engagement teams, as well as coming off the backbone of the Internet.

Penetration Testing

Penetration Testing Firewall Data breaches Malware

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Security Affairs

APRIL 10, 2019

That file was delivered via malscam campaigns around the world and its source-code is obfuscated in order to evade antivirus detection and complicate its analysis. The latter leverages the WinRar/Ace vulnerability ( CVE-2018-20250 ) dropping the malware itself into the Windows startup folder.

Banking

Banking Malware Antivirus Cyber threats

Attacks against game companies are up. But why?

SC Magazine

JUNE 25, 2021

That represents a 340% increase year-over-year, a 415% increase since 2018 and accounted for about 4% of the more than 6.3 This week, cybersecurity firm Akamai said they have observed more than 246 million web application attacks levied against the gaming industry between 2019 and 2020.

Computers and Electronics

Computers and Electronics Media Marketing Cryptocurrency

Using a Mythic agent to optimize penetration testing

SecureList

MAY 13, 2025

Immutable opcode sequence for Cobalt Strike agent Another example is Metasploit’s Meterpreter payload, whose signatures appear in Microsoft’s antivirus database more than 230 times, making the tool significantly more difficult to use in projects. The Sliver framework is an open-source project.

Penetration Testing

Penetration Testing Architecture Technology Encryption

Malvertising Campaign Targets IoT Devices: GeoEdge

eSecurity Planet

AUGUST 9, 2021

A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers ad security and quality solutions to online and mobile advertisers. billion in 2018.

IoT

IoT Advertising Identity Theft Mobile

NEW TECH: SlashNext dynamically inspects web page contents to detect latest phishing attacks

The Last Watchdog

MAY 7, 2019

Consider these metrics from messaging security firm Proofpoint : •Email-based corporate credential phishing attacks quadrupled in Q3 2018 vs. the previous quarter. What’s more, a study by antivirus vendor Webroot informs that more than 46,000 new phishing sites go live each day, with most disappearing in a few hours. Talk more soon.

Phishing

Phishing Social Engineering Engineering Antivirus

A new trojan Lampion targets Portugal

Security Affairs

DECEMBER 29, 2019

SI-LAB noted that Portuguese users were targeted with malscam messages that reported issues related to a debt of the year 2018. It downloads the next stage from the compromised server available on the Internet on an AWS S3 bucket. This is a clear signal that most of the antivirus engines don’t detect yet the malware signature.

Malware

Malware Internet Internet Antivirus

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

A Deep Dive Into the Residential Proxy Service ‘911’

Trending Sources

Who’s Behind the RevCode WebMonitor RAT?

MY TAKE: The back story on the convergence, continuing evolution of endpoint security

Breach Exposes Users of Microleaves Proxy Service

Some Fortinet products used hardcoded keys and weak encryption for communications

A Closer Look at the Snatch Data Ransom Group

MY TAKE: 3 privacy and security habits each individual has a responsibility to embrace

SHARED INTEL: How ransomware evolved from consumer trickery to deep enterprise hacks

MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security

Who’s In Your Online Shopping Cart?

Wipro Intruders Targeted Other Major IT Firms

DirtyMoe botnet infected 100,000+ Windows systems in H1 2021

Tracing the Supply Chain Attack on Android

Kaspersky addressed multiple issues in online protection solutions

Payroll Provider Gives Extortionists a Payday

Microsoft’s case study: Emotet took down an entire network in just 8 days

MY TAKE: A primer on how ransomware arose to the become an enduring scourge

BEST PRACTICES: Mock phishing attacks prep employees to avoid being socially engineered

The Hidden Cost of Ransomware: Wholesale Password Theft

Mysterious custom malware used to steal 1.2TB of data from million PCs

New variant of Linux Botnet WatchBog adds BlueKeep scanner

Experts hacked 28,000 unsecured printers to raise awareness of printer security issues

Millions put at risk by old, out of date routers

PDF zero-day samples harvest user data when opened in Chrome

BotenaGo botnet targets millions of IoT devices using 33 exploits

Tracing the Supply Chain Attack on Android

FBI and CISA are warning of APT actors targeting Fortinet FortiOS servers

DOJ indicts Fxmsp hacker for selling access to hacked businesses

Purple Fox Rootkit Discovered In Malicious Telegram Installers

MY TAKE: Android users beware: Google says ‘potentially harmful apps’ on the rise

Weak Cybersecurity? Here’s Something You Can Do About It

Security Affairs newsletter Round 221 – News of the week

Scranos – A Cross Platform, Rootkit-Enabled Spyware rapidly spreading

What Is Malware? Understanding the Basics of Website Malware

Top VC Firms in Cybersecurity of 2022

Q&A: How cybersecurity has become a primal battleground for AI one-upsmanship

Q&A: How emulating attacks in a live environment can more pervasively protect complex networks

[SI-LAB] EMOTET spread in Chile impacted hundreds of users and targeted financial and banking services

Attacks against game companies are up. But why?

Using a Mythic agent to optimize penetration testing

Malvertising Campaign Targets IoT Devices: GeoEdge

NEW TECH: SlashNext dynamically inspects web page contents to detect latest phishing attacks

A new trojan Lampion targets Portugal

Stay Connected